class RuboCop::Cop::GitlabSecurity::DeepMunge

Checks for disabling the deep munge security control.

Disabling this security setting can leave the application open to unsafe query generation.

@example

# bad
config.action_dispatch.perform_deep_munge = false

See CVE-2012-2660, CVE-2012-2694, and CVE-2013-0155.
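
The following added example (not code from this cop or from Rails) is a simplified model of what deep munge does to parsed request parameters and why the setting should stay enabled. The names `simplified_deep_munge`, `render_condition`, `lookup_condition` and the `reset_token` column are hypothetical, and the parameter hashes are constructed.

```ruby
# Added illustration: a simplified model, not Rails' or the cop's source.

# Recursively drop nil elements from arrays in parsed parameters, which is
# the effect deep munge has on values such as [nil] or ["a", nil].
def simplified_deep_munge(value)
  case value
  when Hash
    value.each_with_object({}) { |(key, val), out| out[key] = simplified_deep_munge(val) }
  when Array
    value.map { |item| simplified_deep_munge(item) }.compact
  else
    value
  end
end

# Hypothetical stand-in for a query builder's hash-condition rendering:
# a nil element becomes IS NULL, and an empty list matches no rows.
def render_condition(column, value)
  items = value.is_a?(Array) ? value : [value]
  return "1=0" if items.empty?

  parts = []
  non_nil = items.compact
  unless non_nil.empty?
    parts << "#{column} IN (#{(["?"] * non_nil.size).join(", ")})"
  end
  parts << "#{column} IS NULL" if items.include?(nil)
  parts.join(" OR ")
end

# Constructed handler logic: the nil guard is meant to stop a lookup when
# no token was supplied. With munging off, [nil] is not nil, so the guard
# passes and the condition degrades to IS NULL.
def lookup_condition(params, munge:)
  params = simplified_deep_munge(params) if munge
  token = params["token"]
  return :rejected if token.nil?

  render_condition("reset_token", token)
end

puts lookup_condition({ "token" => [nil] }, munge: false)
puts lookup_condition({ "token" => [nil] }, munge: true)
```
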

Constants

MSG

Public Instance Methods

on_send(node)
# File lib/rubocop/cop/gitlab-security/deep_munge.rb, line 22
def on_send(node)
  return unless disable_deep_munge?(node)

  add_offense(node, location: :selector)
end